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DETAILED ACTION 



1 . This action is responsive to the amendment filed august 26, 2005. 



2. Claims 1 and 10 have been amended. 



3. Claims 1-16 have been re-examined and are pending with this action. 



Claim Rejections - 35 USC §112 § 

4. Claim 1 rejected under 35 U.S.C. 112, second paragraph, in the previous office 
action has been withdrawn. 

The following is a quotation of the first paragraph of 35 U.S.C. 112: 

The specification shall contain a written description of the invention, and of the manner and process of 
making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the 
art to which it pertains, or with which it is most nearly connected, to make and use the same and shall 
set forth the best mode contemplated by the inventor of carrying out his invention. 

5. Claim 10 is rejected under 35 U.S.C. 112, first paragraph, as failing to comply 
with the written description requirement. The claim(s) contains subject matter, which 
was not described in the specification in such a way as to reasonably convey to one 
skilled in the relevant art that the inventor(s), at the time the application was filed, had 
possession of the claimed invention. The amended limitation of "without creating a 
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domain agent communication between the first server and the plural servers" is not 
supported by the specification. Furthermore, the examiner could not even find the term 
"domain agent" in the specification. 



Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(e) the invention was described in a patent granted on an application for patent by another filed in the 
United States before the invention thereof by the applicant for patent, or on an international application 
by another who has fulfilled the requirements of paragraphs (1 ), (2), and (4) of section 371 (c) of this 
title before the invention thereof by the applicant for patent. 

The changes made to 35 U.S.C. 102(e) by the American Inventors Protection Act 
of 1999 (AIPA) and the Intellectual Property and High Technology Technical 
Amendments Act of 2002 do not apply when the reference is a U.S. patent resulting 
directly or indirectly from an international application filed before November 29, 2000. 
Therefore, the prior art date of the reference is determined under 35 U.S.C. 102(e) prior 
to the amendment by the AIPA (pre-AlPA 35 U.S.C. 102(e)). 

6. Claims 1-3 and 9-1 1 are rejected under 35 U.S.C. 102(e) as being anticipated by 
Sampson et al. (US 6,339,423 B1). 



f 
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INDEPENDENT: 

As per claim 1, Sampson teaches a method for providing an automated login for 
a user connecting to a server, wherein the server comprises a first server of a plurality 
of servers that are connected via a computer network (see Fig.1 and Fig.2), the method 
comprising steps of: 

receiving a connection to the user via a client data terminal (see col.1, lines 53- 
63 and col .4, lines 24-35); 

accessing the first server by the user after being authenticated (see col .2, lines 
13-24 and col .4, lines 36-40); 

selecting from the first server a computer input mark (see col .5, line 41 and col .8, 
line 20: "Multi-Domain Token") to a second server and assigning a first identifier and 
underlying second identifier associated with the first server of the input mark (see col. 7, 
lines 24-36 & 49-50 and col .8, lines 20-31); and 

authenticating, without the use of cookie (see col .5, lines 1 1-16 & 31-37), the 
user and the first server and allowing access to the second server (see col. 3, lines 28- 
30; col.4, lines 36-40; and col.5, lines ), without requesting a cookie from the client (see 
col. 5, lines 1 1-16 & 31-37) if both identifiers are authenticated to eliminate the need for 
the user to provide separate login information (see col.4, lines 16-18 and col.5, line 16: 
"causing the user to log-in again") and to eliminate the use of cookies when connecting 
to the second server via the input mark (see col.5, line 31-46: "Multi-Domain Token"). 
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As per claim 10, Sampson teaches a method for providing an automated login 
for a user logging onto a host web site (see Fig.1 and Fig.2), the method comprising 
steps of: 

receiving a connection to a user (see col.1 , lines 53-63 and col .4, lines 24-35) via 
an affiliated web site (see Fig.1); 

accessing the first server by the user after being authenticated (see col.2, lines 
13-24 and col.4, lines 36-40); 

selecting from the host web site a computer input mark (see col. 5, line 41 and 
col. 8, line 20: "Multi-Domain Token") having a hyperlink to a second web site (inherent: 
see col.7, lines 49-50 and col. 8, lines 29-31) and assigning a personal identifier and an 
underlying provider identifier associated with the host web site of the input mark (see 
col.7, lines 24-36 & 49-50 and col.8, lines 20-31); and 

allowing the user access to the host web site (see col .3, lines 28-30; col.4, lines 
36-40; and col. 5, lines ), without creating domain agent communication between the first 
server and the plural servers and without requesting a cookie from the user (see col. 5, 
lines 1 1 -1 6 & 31 -37), based on the received identifier if the identifier is authenticated 
(see col. 5, lines 41-44) to eliminate the need for the user to provide separate login 
information (see col.4, lines 16-18 and col. 5, line 16: "causing the user to log-in again") 
when connecting to the second web site via the hyperlink of the input mark (see col.5, 
line 41 and col.8, line 20: "Multi-Domain Token") and without the use of a cookie. 



DEPENDENT: 
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As per claim 2, Sampson further teaches wherein the second identifier 
comprises a provider identifier associated with the second server (see col. 7, lines 48- 
50) and the first identifier comprises a personal identifier assigned to the user by the 
second server (inherent: regardless of the token, the user must be a known and 
identified user in a "protected server 205", see col. 8, lines 20-21). 

As per claim 3, Sampson further teaches wherein the step of authenticating the 
user comprises a step of allowing a user access to a service provided by the first server 
after an initial registration by the user (see claim 1 rejection above and col .4, lines 36- 
40). 

As per claim 9, Sampson teaches of further comprising a step of assigning, by 
the first server and during the first connection, a personal identifier to the iuser (inherent: 
see col.2, lines 16-20). 

As per claim 11, Sampson further teaches wherein the personal identifier is 
provided to the second web site via a transparent login process after the user 
disconnects and then later reconnects to the second web site (see col.4, lines 36-40: 
"via a browser"). 

7. Claims 4-8 and 12-16, are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Sampson et al. (US 6,339,423 B1) in view of Goldberg et al. (US 
5,823,879 A). 
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As per claims 4 and 12, Sampson further teaches wherein the step of receiving 
a connection comprises a step of receiving a second connection to a user via a client 
data terminal (see abstract: "A first server for a first domain transmits a data token to a 
client seeking access to a resource in a second domain. The client transmits the data 
token to a second server in the other domain."), wherein the step of selecting from the 
first server a computer input mark comprises a step of receiving, during the second 
connection, a provider identifier associated with a second server of the plurality of 
servers (see above and col. 7, lines 48-50), and a step of receiving, during the second 
connection (see col .5, lines 35-37), a personal identifier assigned to the user by the 
second server (inherent: see col.5, lines 6-7; regardless of the token, the user must be a 
known and identified user in a "protected server 205", see col.8, lines 20-21), and 
further comprising steps of: receiving a first connection to the user via a client data 
terminal, wherein the first connection is first in time relative to the second connection 
(see col.7, lines 23-36); receiving, during the first connection, an identifier associated 
with the second server (see abstract: "A first server for a first domain transmits a data 
token to a client seeking access to a resource in a second domain."); storing the 
identifier (see col. 12, line 66 to col.13, line 2); and wherein the step of authenticating the 
user comprises a step of matching the stored identifier with the identifier received during 
the second connection (see col.8, lines 35-44). 

Sampson does not explicitly teach of a means for receiving registration 
information during the first connection from a user of the client data terminal, and a 
means for storing the received registration information. Goldberg teaches of a means 
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for receiving registration information during the first connection from a user of the client 
data terminal (see col. 5, lines 12-19), and a means for storing the received registration 
information (see col. 7, line 67-col.8, line 27). 

It would have been obvious to a person of ordinary skill in the art at the time the 
invention was made to employ the teachings of Goldberg within the system of Sampson 
by implementing a means for receiving and storing registration information from a user 
of the client data terminal within the server because Goldberg teaches that by 
registering, the server can employ "a distinct identification" to identify each user and 
also "use in selection criteria by sponsors or advertisers" (see col. 5, lines 4-13). It is 
well known in the art that a plurality of web sites employ registration of new users for 
such purposes and because Sampson teaches that "access information is created and 
stored" (see col. 5, lines 6-7). 

As per claims 5 and 13, Sampson further teaches wherein the identifier received 
during the first connection and the identifier received during the second connection each 
comprises a provider identifier associated with a second server (or affiliated web site) 
and a personal identifier assigned to the user by the second server (see claim 2 
rejection above). 

As per claim 6, Sampson further teaches wherein the step of storing comprises 
steps of: creating a user profile (see col.5, lines 6-7); and storing the identifier (see 
col. 5, lines 6-7), but Sampson does not explicitly teach of storing the registration 
information in the user profile. Goldberg teaches wherein the step of storing comprises 



I 
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storing the registration information in the user profile (see col .21, line 63- col .22, line 15 
and col.22, lines 35-43). 

It would have been obvious to a person of ordinary skill in the art at the time the 
invention was made to employ the teachings of Goldberg within the system of Sampson 
by implementing storing the registration information in the user profile within the within 
the method for providing an automated login for a user connecting to a server because 
the use of user profile assists in the identification of an individual. 

As per claim 7, Sampson teaches of further including steps of: requesting, during 
the first connection, consent of the user to use the identifier associated with the second 
server (inherent); and receiving the requested consent (inherent: see col .4, lines 36-40). 

As per claim 3, Sampson does not explicitly teach wherein the registration 
information comprises at least one of a user name, user post office address, user 
telephone number, and user electronic mail address. Goldberg teaches of wherein the 
registration information comprises at least one of a user name, user post office address, 
user telephone number, and user electronic mail address (see col .5, lines 12-19). 

As per claim 14, Sampson further teaches wherein the registration information 
and identifier received with respect to the first connection is stored in a database (see 
Fig.2: "Multi-Domain Token server 208"), and wherein the step of allowing comprises 
steps of: searching the database for an identifier that matches the identifier received 
with respect to the second connection (inherent); and when a matching identifier is 
located, allowing the user access to the host web site (see col. 8, lines 35-44). 
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As per claim 15, Sampson teaches a server (see Fig.1 and Fig.2) comprising: a 
means for receiving a first connection and a second connection to a client data terminal, 
wherein the first connection is first in time relative to the second connection (see col.7, 
lines 23-26); a means for accessing the first server by the user after being authenticated 
(see col. 2, lines 13-24 and col. 4, lines 36-40); a means for selecting from the first 
connection a computer input mark (see col. 5, line 41 and col. 8, line 20: "Multi-Domain 
Token") having a hyperlink to the second connection (inherent: see col. 7, lines 49-50 
and col. 8, lines 29-31); a means for receiving a personal identifier and a provider 
identifier (see col.7, lines 24-36 & 49-50 and col. 8, lines 20-31) each associated with an 
affiliated server during a first connection, which affiliated server was visited by the user 
prior to the server receiving the first connection to the client data terminal^see abstract); 
a means for storing the personal identifier (see col. 5, lines 6-7); a means for receiving 
an the provider identifier during the second connection (see col.7, lines 49-50); and a 
means for authenticating the user during the second connection based on the personal 
and provider identifiers received during the second connection and allowing access to 
the second connection if both identifiers are authenticated to eliminate the need for the 
user to provide separate login information when connecting to the second connection 
via the hyperlink of the input mark (see col.8, lines 32-44) and to eliminate the use of 
cookies during authentication and connection (see col. 5, lines 14-16 & 32-37). 

Sampson does not explicitly teach of a means for receiving registration 
information during the first connection from a user of the client data terminal, and a 
means for storing the received registration information. Goldberg teaches of a means 
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for receiving registration information during the first connection from a user of the client 
data terminal (see col. 5, lines 12-19), and a means for storing the received registration 
information (see col .7, line 67-col.8, line 27). 

It would have been obvious to a person of ordinary skill in the art at the time the 
invention was made to employ the teachings of Goldberg within the system of Sampson 
by implementing a means for receiving and storing registration information from a user 
of the client data terminal within the server because Goldberg teaches that by 
registering, the server can employ "a distinct identification" to identify each user and 
also "use in selection criteria by sponsors or advertisers" (see col. 5, lines 4-13). It is 
well known in the art that a plurality of web sites employ registration of new users for 
such purposes and because Sampson teaches that "access information is created and 
stored" (see col. 5, lines 6-7). 

As per claim 16, Sampson further teaches wherein the personal identifier is 
provided to the second connection via a transparent login process after the user 
disconnects and then later reconnects to the second connection (see col.4, lines 36-40: 
"via a browser"). 

Response to Remarks 

8. In response to the argument regarding Sampson's disclosure, specifically 
regarding col.5, lines 46-59, although ultimately the cookies are employed, it is noted 
that the "access control cookies" are not employed to "authenticate" as claimed 
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("authenticating, without the use of cookie..."), but rather the "multi-domain tokens" are 
employed to authenticate (see abstract: "The second server uses the data token to 
verify that the user is authentic, that is authorized to access resources protected by the 
access control system" and see col. 5, lines 41-44: "A Multi-Domain Token is an 
encrypted data item used to verify that the user has been authenticated by Access 
Control System 220'). Therefore, Sampson's teaching of "Upon receiving from Multi- 
Domain Token Server 208 a message confirming that the user is authenticated..." then 
"Agent transmits to the browser access control cookies" as recited in column 5, lines 55- 
60, does not teach away from the claimed invention. 

In response to the argument regarding claim 10, the argument is moot because 
such amended limitation is not supported by the specification. 

The applicant(s) are reminded that by employing negative limitations, any 
reference, teaching authentication without using the terminology "cookies" so long as 
the functionality of the claimed invention is taught clearly teaches the claimed invention. 
The applicant(s) are suggested to amend the claim language to explicitly recite the 
functional features that which teach away from prior art rather than relying on negative 
limitations. 

Conclusion 

9. Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 
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§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 

1 0. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Michael Y. Won whose telephone number is 571-272- 
3993. The examiner can normally be reached on M-Th: 7AM-5PM. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Saleh Najjar can be reached on 571-272-4006. The fax phone number for 
the organization where this application or proceeding is assigned is 703-872-9306. 



Application/Control Number: 09/718,583 



Page 14 



Art Unit: 2155 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 
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